From 7cb942aca3048228f108034a16c5d9bac9c53120 Mon Sep 17 00:00:00 2001
From: rugk <rugk@posteo.de>
Date: Mon, 21 Jan 2019 23:19:41 +0100
Subject: [PATCH] Make PHP paste ID function more robust

---
 lib/Request.php | 14 +++++++++++---
 1 file changed, 11 insertions(+), 3 deletions(-)

diff --git a/lib/Request.php b/lib/Request.php
index 1487b4b0..5f25e7f3 100644
--- a/lib/Request.php
+++ b/lib/Request.php
@@ -80,9 +80,17 @@ class Request
      */
     private function getPasteId()
     {
-        return preg_match(
-            '/[a-f0-9]{16}/', $_SERVER['QUERY_STRING'], $match
-        ) ? $match[0] : 'invalid id';
+        // RegEx to check for valid paste ID (16 base64 chars)
+        $pasteIdRegEx = '/^[a-f0-9]{16}$/';
+
+        foreach ($_GET as $key => $value) {
+            // only return if value is empty and key matches RegEx
+            if (($value === "") and preg_match($pasteIdRegEx, $key, $match)) {
+                return $match[0];
+            };
+        }
+
+        return 'invalid id';
     }
 
     /**